Journal of Beijing University of Posts and Telecommunications

  • EI-indexed core journal

Journal of Beijing University of Posts and Telecommunications ›› 2006, Vol. 29 ›› Issue (s2): 122-126. doi: 10.13190/jbupt.2006s2.122.298

• Paper

Research on a message driven communication scheme for distributed intrusion detection

DU Ye¹, GUO You-yan²

  1. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  2. Information Center, Beijing Anzhen Hospital, Capital Medical University, Beijing 100029, China
  • Received: 2006-08-16 Revised: 1900-01-01 Online: 2006-11-30 Published: 2006-11-30
  • Contact: DU Ye

Abstract:

A message-driven communication mechanism is proposed for transferring information between entities so that they can cooperate to detect malicious behavior. Communication models and algorithms are designed for exchanges between detector and manager and between communicator and communicator. The communication protocol is implemented in three layers, definitions of commonly used messages are given, and the communication processes are designed in detail. Finally, the mechanism is tested and analyzed experimentally using the doorknob attack; the results show that the cooperating entities can detect complex distributed attacks well.

Key words: intrusion detection, communication model, protocol
